An ABX log provides a starting point for the reproducibility of the results. It's a call to action that says "Hey guys, I measured this. You give it a try as well and see what you find."

Also, don't post an ABX log without providing samples of the audio you used (if necessary), the properties of those samples, and if relevant, the conditions under which you conducted the experiment. If you don't, it's indeed exactly as pointless as just claiming your hear a difference.

And yes, you can forge the audio samples as well and lie about your experiment, but it's a lot more work, and the more reputable, experienced members of this forum are more likely to see through the deception.

{Server sends audio to client and asks: is it A or is it B?;Client: sends answer to server: it's A.Server: check if its correct. } repeat until nServer generates report.Server signs report.Server sends signed report.

{Server sends audio to client and asks: is it A or is it B?;FakeClient: detect if audio is identical to last received audio (trivial), display result, send answer to server.Server: check if its correct. } repeat until nServer generates report.Server signs report.Server sends signed report.

Here, you are not talking about signing robustness or possible use in this case. My reply was about that.Now you are talking about another issue. Even if you use your fake client, you stil don't know if it is A or B.Last but not least. As the OP stated, it's trivial to edit a text file (thing which prevents pgp), but it's not that trivial to develop a fake client.

-The server doesn't need to be 24/7, it doesn't even need to be web. Client can run OP computer and server on the other guy's computer.

QUOTE (googlebot @ Feb 23 2011, 02:00)

Your proposed client/server solution does not add any security over an embedded key.

I've never stated that my solution adds security over an embedded key. I only said that pgp signature(if private key is secure, iein a secure server) is not possible to forge. You were the one saying it was not true and showing you don't understand how private/public key encryption or client/server apps work

-The server doesn't need to be 24/7, it doesn't even need to be web. Client can run OP computer and server on the other guy's computer.

It doesn't matter where or how long it runs if there is no benefit.

QUOTE (PaJaRo @ Feb 23 2011, 02:28)

I've never stated that my solution adds security over an embedded key.

So it was senseless to mention it?

QUOTE (PaJaRo @ Feb 23 2011, 02:28)

I only said that pgp signature(if private key is secure, iein a secure server) is not possible to forge.

The challenge in cryptography isn't getting it right in theory, where sufficiently long private keys are expected (not proven) to be unrecoverable from public keys or signatures, but actual implementation. Over 99.9% of all breaches happen because of flaws wrt the latter. The solution, that you have proposed to prevent forgery by key extraction, does in practice allow forged signatures, and even quite easily.

QUOTE (PaJaRo @ Feb 23 2011, 02:28)

You were the one saying it was not true and showing you don't understand how private/public key encryption or client/server apps work

Please, read the thread again, and if you then still have an intense feeling of having been right the whole time - much louder than a few little snippets of reason that may (hopefully) have passed your mind briefly - please let me know, so that I don't waste my time on you again.

With all due respect to the OP this proposal is not only unnecessary it's also possibly counter productive.

Whatever someone claims to have 'proven' with his 'evidence' ought to be less significant than you having the ability to repeat the test and decide for yourself. That's how scientific progress is made. In any field of inquiry.

Whats important is that the claimant provides the samples and methodology used so that the claim can be independently verified.